apptainer python ci

[sramakintel]

Description

Related Issue

Changes Made

• [ ] The code follows the project's coding standards.
• [ ] No Intel Internal IP is present within the changes.
• [ ] The documentation has been updated to reflect any changes in functionality.

Validation

• [ ] I have tested any changes in container groups locally with test_runner.py with all existing tests passing, and I have added new tests where applicable.

[github-actions[bot]]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 4 package(s) with unknown licenses.

See the Details below.

License Issues

.github/workflows/apptainer-ci.yaml

Package	Version	License	Issue Type
ai-containers	apptainer_python	Null	Unknown License

apptainer/requirements.txt

Package	Version	License	Issue Type
intel-openmp	2024.1.2	Null	Unknown License
mkl-include	2024.1.0	Null	Unknown License
mkl	2024.1.0	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
actions/actions/checkout	4.*.*	:green_circle: 7.5	Details Check Score Reason Maintained :green_circle: 10 18 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10 Code-Review :green_circle: 10 all changesets reviewed CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Signed-Releases :warning: -1 no releases found Fuzzing :warning: 0 project is not fuzzed Pinned-Dependencies :green_circle: 4 dependency not pinned by hash detected -- score normalized to 4 Security-Policy :green_circle: 9 security policy file detected Packaging :green_circle: 10 packaging workflow detected SAST :green_circle: 10 SAST tool is run on all commits Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
actions/ai-containers	apptainer_python	Unknown	Unknown
actions/eWaterCycle/setup-apptainer	2.0.0	:green_circle: 4.9	Details Check Score Reason Code-Review :warning: 2 Found 1/4 approved changesets -- score normalized to 2 Maintained :green_circle: 10 16 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Binary-Artifacts :green_circle: 10 no binaries found in the repo Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Packaging :warning: -1 packaging workflow not detected Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection :warning: 0 branch protection not enabled on development/release branches Fuzzing :warning: 0 project is not fuzzed Security-Policy :warning: 0 security policy file not detected SAST :green_circle: 7 SAST tool detected but not run on all commits Vulnerabilities :green_circle: 9 1 existing vulnerabilities detected
pip/intel-openmp	2024.1.2	Unknown	Unknown
pip/mkl	2024.1.0	Unknown	Unknown
pip/mkl-include	2024.1.0	Unknown	Unknown
pip/numpy	1.26.4	:green_circle: 8.4	Details Check Score Reason Binary-Artifacts :green_circle: 10 no binaries found in the repo Branch-Protection :warning: -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests :green_circle: 10 16 out of 16 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected Code-Review :green_circle: 10 all changesets reviewed Contributors :green_circle: 10 project has 95 contributing companies or organizations Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Dependency-Update-Tool :green_circle: 10 update tool detected Fuzzing :green_circle: 10 project is fuzzed License :green_circle: 9 license file detected Maintained :green_circle: 10 30 commit(s) and 23 issue activity found in the last 90 days -- score normalized to 10 Packaging :warning: -1 packaging workflow not detected Pinned-Dependencies :green_circle: 3 dependency not pinned by hash detected -- score normalized to 3 SAST :green_circle: 9 SAST tool detected but not run on all commits Security-Policy :green_circle: 9 security policy file detected Signed-Releases :warning: 0 Project has not signed or included provenance with any releases. Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected
pip/psutil	5.9.8	:green_circle: 5.8	Details Check Score Reason Maintained :green_circle: 10 24 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 Code-Review :warning: 2 Found 8/30 approved changesets -- score normalized to 2 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Binary-Artifacts :green_circle: 10 no binaries found in the repo Security-Policy :green_circle: 10 security policy file detected Branch-Protection :warning: 0 branch protection not enabled on development/release branches Token-Permissions :warning: 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing :green_circle: 10 project is fuzzed Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0
pip/setuptools	69.5.1	:green_circle: 6.4	Details Check Score Reason Code-Review :green_circle: 8 Found 10/12 approved changesets -- score normalized to 8 Maintained :green_circle: 10 30 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices :warning: 0 no effort to earn an OpenSSF best practices badge detected License :green_circle: 10 license file detected Signed-Releases :warning: -1 no releases found Packaging :warning: -1 packaging workflow not detected Dangerous-Workflow :green_circle: 10 no dangerous workflow patterns detected Token-Permissions :green_circle: 10 GitHub workflow tokens follow principle of least privilege Security-Policy :green_circle: 10 security policy file detected Branch-Protection :warning: 0 branch protection not enabled on development/release branches Binary-Artifacts :warning: 0 binaries present in source code Pinned-Dependencies :warning: 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities :green_circle: 10 0 existing vulnerabilities detected Fuzzing :green_circle: 10 project is fuzzed SAST :warning: 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Manifest Files

.github/workflows/apptainer-ci.yaml

• actions/checkout@4.*.*
• ai-containers@apptainer_python
• eWaterCycle/setup-apptainer@2.0.0

apptainer/requirements.txt

• intel-openmp@2024.1.2
• mkl@2024.1.0
• mkl-include@2024.1.0
• numpy@1.26.4
• psutil@5.9.8
• setuptools@69.5.1

[sramakintel]

closed in favor of #211